diff options
-rw-r--r-- | install/restart_scripts/Makefile.am | 1 | ||||
-rw-r--r-- | install/restart_scripts/renew_ra_cert | 5 | ||||
-rwxr-xr-x | install/restart_scripts/renew_ra_cert_pre | 18 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 2 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 4 |
5 files changed, 26 insertions, 4 deletions
diff --git a/install/restart_scripts/Makefile.am b/install/restart_scripts/Makefile.am index 58057aa31..c4bf8195e 100644 --- a/install/restart_scripts/Makefile.am +++ b/install/restart_scripts/Makefile.am @@ -7,6 +7,7 @@ app_DATA = \ renew_ca_cert \ renew_ra_cert \ stop_pkicad \ + renew_ra_cert_pre \ $(NULL) EXTRA_DIST = \ diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index cf770a94c..9b5e231b5 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -77,8 +77,11 @@ def _main(): def main(): - with certs.renewal_lock: + try: _main() + finally: + # lock acquired in renew_ra_cert_pre + certs.renewal_lock.release('renew_ra_cert') try: diff --git a/install/restart_scripts/renew_ra_cert_pre b/install/restart_scripts/renew_ra_cert_pre new file mode 100755 index 000000000..d0f743c09 --- /dev/null +++ b/install/restart_scripts/renew_ra_cert_pre @@ -0,0 +1,18 @@ +#!/usr/bin/python2 -E +# +# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# + +import syslog +import traceback + +from ipaserver.install import certs + + +def main(): + certs.renewal_lock.acquire('renew_ra_cert') + +try: + main() +except Exception: + syslog.syslog(syslog.LOG_ERR, traceback.format_exc()) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 23fdf3014..1cbc0d03b 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1339,7 +1339,7 @@ class CAInstance(DogtagInstance): pin=None, pinfile=paths.ALIAS_PWDFILE_TXT, secdir=paths.HTTPD_ALIAS_DIR, - pre_command=None, + pre_command='renew_ra_cert_pre', post_command='renew_ra_cert') except RuntimeError as e: self.log.error( diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 4337995ac..b9621a39d 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -806,7 +806,7 @@ def certificate_renewal_update(ca): dogtag_constants = dogtag.configured_constants() # bump version when requests is changed - version = 3 + version = 4 requests = ( ( dogtag_constants.ALIAS_DIR, @@ -844,7 +844,7 @@ def certificate_renewal_update(ca): paths.HTTPD_ALIAS_DIR, 'ipaCert', 'dogtag-ipa-ca-renew-agent', - None, + 'renew_ra_cert_pre', 'renew_ra_cert', None, ), |